at a guess, some people might realize that their account information has just been compromised and that they should go to paypal to change it - but doing so will be much harder if their computer no longer works that becomes much harder… also, the fact
that the computer no longer works is an excellent way to keep the mark distracted so that maybe they’ll forget all about the email telling them to visit paypal and enter X… finally, since the advice many people (including microsoft) give is to forma
t the drive and rebuild the machine from scratch or to revert to a previously saved image of the drive, the phish email and the browser cache and url history will be gone - which means there won’t be any evidence if one went looking for such things and
you also won’t be able to discover the account compromise by being curious and revisiting the site at a later date (when your anti-phishing tech has been updated)…

in short, to inhibit the discovery of and/or recovery from the account compromise…

# 38 percent claimed that the updates were too disruptive.
…
# 27 percent believed the update would take too long.

After having been on broadband for years, I find myself back on dial up for at least a few months. 56k modems at both ends, but rarely get faster than 45.2k in practice. Like, in fact, most of the on-line world.

And you know what? Updates are too disruptive. They do take too long. In fact now that this article has got me thinking about it, I think I could fairly say that over the last few months, the amount of lost productivity caused by conscientiously doing daily updates is much greater than the lost productivity from malware which I have experienced in my entire life; and that includes not only my own PCs (which have never had an unintentional malware infection) but also those firends I support.

It might be a different story if I used internet banking and got some account details stolen, but I don’t trust internet banking yet (I’ve done some crypto projects with bank programmers; they were total cowboys). It might also be a different story if I (and my friends) didn’t backup critical data.

But if you do do backups, don’t do internet banking, and are on dialup, regular AV updates are a seriously mixed blessing. For quite a lot of people, skipping them until after you get infected may actually be the optimal strategy! Something to think about, anyway.

It is possible as I sent a sample off to the AV companies [including AVG] early yesterday. If you want, you are welcome to send me the file and I will analyse it for you.

As to whether your card has been charged; I doubt it but as I state in the article, “If it is an alleged credit/debit card charge then contact them [your bank or credit card company directly] to see if the alleged sale/purchase has really been made, you can always get a charge-back if it is a fraudulent sale which you did not authorise.”

    So you’ve probably read Part I, which are my favorite security blogs. Now onto some…

Thank you.

As to your other points:

“but one proof of concept does not a virus storm make”

Agreed, however the Austrian malware author created 5 MSH viruses. Also, the research by Eric Chien clearly shows that it [MSH] will be a ‘real’ threat as far as malware is concerned if it is ever installed as a default in Vista or Exchange [or indeed any Microsoft product or OS].

“Are thousands of macro viruses being written today, or do malware writers opt for easier vectors like RPC?”

No and virus writing in general is on the decline in favour of bots, worms, droppers and trojans, but they are still being written. A small core of malware authors will not take the ‘path-of-least-resistance’ and will create ‘proof-of-concept’ malware which will then be used as the ‘blueprint’ for new malware for that specific target.

I can almost hear the shuffling and moaning from here!

I just noticed this item….